ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Closed incidents get recreated

book

Article ID: 200435

calendar_today

Updated On:

Products

Advanced Threat Protection Platform Endpoint Detection and Response Endpoint Protection with Endpoint Detection and Response

Issue/Introduction

When reviewing incidents on the Symantec Endpoint Detection and Response (SEDR) appliance, it is noted that a new incident is created that contains events from the same date and time as those in a previously closed incident.  The incident continues to get generated even though the incident is repeatedly closed.

Cause

A SEP client policy has become corrupted.

Resolution

Update the SEP client policy for the client(s) in question.

For details, see the following topic in the SEP Installation and Administration Guide::